From: "Karsten M. Self"
To: cygwin@cygwin.com
Date: Mon, 30 Jun 2003 06:23:00 -0000
Subject: Re: About the 'su' command

Is this, or could this be made, part of the standard Cygwin docs and/or FAQ?

Very nice explanation, Bill.

Peace.

on Wed, Jun 18, 2003 at 08:51:24AM -0400, Bill C. Riemers (cygwin@docbill.net) wrote:
>
> > The second says the command won't work unless I have appropriate
> > privileges.
> > Do you know "someone" on an XP station that has more powers than the
> > Administrator or an Administrators member?
>
> On most Unix systems, if you create a user with UID 65535 you will find that
> user is unable to run 'suid' commands including 'su'. This is a result of
> 65535 mapping to -1 as a short, and -1 having special meaning. For a while
> there was a trend to make the "nobody" user 65535. But then with the dawn
> of the web, programmers started wanting to make SUID cgi-bin scripts, while
> still using "nobody" as the default user for web connections. As such, the
> practice of using 65535 for "nobody" has for the most part been abandoned in
> the Unix world.
>
> However, someone at Microsoft must have thought this was an extremely good
> idea. And why just have one account which is not allowed to SUID? So
> instead, Microsoft wrote XP so any account != UID 18 is prohibited from
> SUID. (OK. I oversimplified, you can actually grant other accounts
> privilege to SUID on XP professional...)
>
> At first thought, the idea of restricting SUID to SYSTEM seems to give XP
> much stronger security than most unix systems. Until you stop and
> consider, if only SYSTEM can SUID, and I can't log in as SYSTEM, how does
> anything ever get installed to run under SYSTEM? It turns out SYSTEM is the
> account used for running services. Anyone with Administrators privilege can
> add a new service. Consequently, all Administrators can run any program
> they like as SYSTEM, including of course 'su'.
>
> So, you ask, if it is so easy for Administrator to run a process as SYSTEM,
> why doesn't 'su' use this trick? Quite simple. You cannot change an
> existing process to SYSTEM privileges, nor can you do a direct exec() so you
> can pass your open file descriptors and environment to the new process.
> Consequently, you would find that if su used this "trick" your process would
> be running under a new TTY without access to existing file descriptors. So
> a command like, 'su root -c "bar.sh" < /tmp/foo' would not work as expected.
>
> Now you ask, "Well then, why can ssh do pipes." Very simple, 'ssh' sticks
> around after starting the child process and starts passing data from open
> file descriptors through sockets.
>
> Finally you ask, "If ssh can do that, why doesn't su?" Simple. Why rewrite
> 'su' to do those types of tricks, when 'ssh' already exists?
>
> Bill

-- 
Karsten M. Self http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Spread the real scoop on Xenu and The Church of Scientology,
   link Scientology on your website.
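
The "65535 maps to -1 as a short" point in the quoted explanation, as an added example that is not part of either message: a small C model of a 16-bit UID type combined with the POSIX setreuid() convention that an argument of -1 means "leave this ID unchanged". The names uid16_t, struct cred16, model_setreuid, uid_is_assignable and euid_after_switch are hypothetical, and privilege checks are left out so that only the sentinel handling is shown.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 16-bit UID type, modelling older Unix ABIs (not a real kernel type). */
typedef uint16_t uid16_t;

/* (uid16_t)-1 is 65535: a real-looking UID and the "no change" sentinel share one value. */
#define UID16_NOCHANGE ((uid16_t)-1)

struct cred16 { uid16_t ruid, euid; };

/* Models the POSIX setreuid() rule: an argument equal to -1 leaves that ID alone.
 * Permission checks are omitted; only the sentinel behaviour is modelled. */
static void model_setreuid(struct cred16 *c, uid16_t ruid, uid16_t euid)
{
    if (ruid != UID16_NOCHANGE) c->ruid = ruid;
    if (euid != UID16_NOCHANGE) c->euid = euid;
}

/* Account-provisioning check: refuse UIDs that would truncate or read as -1. */
static int uid_is_assignable(unsigned long requested)
{
    if (requested > UINT16_MAX) return 0;               /* does not fit in 16 bits */
    if ((uid16_t)requested == UID16_NOCHANGE) return 0; /* collides with the sentinel */
    return 1;
}

/* Effective UID after a process at UID 0 asks to become `target`. */
static uid16_t euid_after_switch(uid16_t target)
{
    struct cred16 c = { 0, 0 };
    model_setreuid(&c, target, target);
    return c.euid;
}

int main(void)
{
    printf("switch to 1000  -> euid %u\n", (unsigned)euid_after_switch(1000));
    printf("switch to 65535 -> euid %u (request silently ignored)\n",
           (unsigned)euid_after_switch(65535));
    printf("assignable: 65534=%d 65535=%d 70000=%d\n",
           uid_is_assignable(65534UL), uid_is_assignable(65535UL),
           uid_is_assignable(70000UL));
    return 0;
}
```

In this model the request to become UID 65535 changes nothing, so the caller keeps UID 0; rejecting the sentinel value when accounts are created avoids the ambiguity.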